SEP agent Cannot assign a client authentication token
search cancel

SEP agent Cannot assign a client authentication token

book

Article ID: 430452

calendar_today

Updated On:

Products

Endpoint Security Endpoint Security Complete Endpoint Protection

Issue/Introduction

One or more of your Symantec Endpoint Security (SES) or Symantec Endpoint Protection (SEP) agents is generating the a Client Authentication Token error or warning similar to the message below in the agent System log.

Fatal    [Client authentication token request] Submitting information to Symantec failed.
Error    Cannot assign a client authentication token. There was a general communication failure. 

This document provides general troubleshooting for these types of issues.

 

Environment

  • Symantec Endpoint Protection (SEP)
  • Symantec Endpoint Security (SES)

Cause

Generally caused by the Symantec agent being unable to access tus1gwynwapex01.symantec.com .

Resolution

Typically when a Symantec Agent is unable to acquire a Client Authentication Token (CAT) it's because the agent does not have network connectivity to the CAT server tus1gwynwapex01.symantec.com .  A browser test can be used as a quick test to see if the workstation itself can access the resource.

  1. Open a Web Browser
  2. Paste the URL tus1gwynwapex01.symantec.com in to the browser and visit the site.

Eventually the page should redirect to a Broadcom landing page.  If any other response is seen, investigate the network for any firewall, proxy or other network filtering device that may be blocking access.  Ensure that all of the URLs listed in this article are allowed.

Additionally, you can confirm if an agent has a CAT by viewing the registry location:

HKLM\software\symantec\symantec endpoint protection\{GUID}\identifiers

a CAT (REG_BINARY) should exist with Data.  Another useful registry location is 

HKLM\software\symantec\symantec endpoint protection\{GUID}\Submissions\CAT


This registry key will have two items

  • Last (REG_QWORD) - Hexadecimal value of the last time the agent successfully made a submission (EPOCH time).  You'll need to convert the hexadecimal value to decimal.
  • Status (REG_DWORD) - CAT request error codes. Table below explains possible values
Value Data Description
0x00000000 Success.
0x00000001 Submissions and reputation queries are disabled.
0x80070057 Invalid license type.
0x8007000d License file path location is unknown.
0x80070002 No license file found.
0x80070005 Unable to read license file contents.
0x8007000e Out of memory.
0x80004002 Cannot load one of the components.

 

 

 

Additional Information

External URLs Required for Symantec Endpoint Protection (SEP) and Symantec Endpoint Security (SES)

 

Powered by Wolken Software